
Hello all,
Microsoft continued to have some sporadic issues this past week, but nowhere near as widespread as they had the prior weekend. Hopefully, by the time this makes it to you, they’ve fixed things. Speaking of fixing things, on Tuesday Broadcom released emergency patches for 3 VMware zero-days that are under active exploitation. Elastic and Zoho both also released fixes. And if that wasn’t enough, this coming week is Patch Tuesday; are you ready?
Now on to details about these and other headline items.
Headline NEWS:
- Undocumented commands found in Bluetooth chip used by a billion devices. The Chinese-made ESP32 Bluetooth + WiFi chip contains undocumented commands that “allow spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence.” So far, the manufacturer has not replied to requests to comment on why these commands exist.
- Broadcom patches 3 VMware zero-days, with over 37,000 publicly facing servers still vulnerable as of Thursday of this past week. These nasty defects can enable a local administrator of a guest machine to escape down to the hypervisor and wreak all sorts of havoc. There are no workarounds; patching is your only option. Don’t wait.
- Elastic Releases Urgent Fix for Kibana Vulnerability Enabling Remote Code Execution. Although this carries a Common Vulnerability Scoring System (CVSS) score of 9.9 out of 10, exploitation is only possible under specific, limited circumstances. Nevertheless, if you use Elastic Kibana for anything, you should verify immediately whether you need to take action, and if so, don’t wait. If you can’t apply the patch, a temporary mitigation is available.
- Zoho ADSelfService Plus Vulnerability Let Attackers Gain Unauthorized Access is a defect that allowed data exposure and “created a pathway for malicious actors to impersonate legitimate users, modify account recovery settings, and ultimately seize control of Active Directory accounts”. The fix is to update to version 6511 or higher.
In Ransomware, Malware, and Vulnerabilities News:
- AI deepfakes are on the rise; this week’s full RedDotSecurity.news contains links to four different articles describing how executives and government leaders are being visually faked to steal credentials, promote cryptocurrency, and request fund transfers. One person that I work with was watching the SpaceX launch and had a fake Elon Musk interrupt and encourage him to purchase crypto just this week. The time to set up security controls to verify identity is now, not when the fake CEO is asking you for something.
In Other News Events of Note and Interest:
- Microsoft tells abandoned Publisher fans to just use Word and hope for the best. I’ve personally used Microsoft’s Publisher for years, finding it to be an incredibly capable program for allowing excellent layout control. Sadly, Microsoft has announced that they’re killing it off in October next year, with no plans for a replacement, and nothing available that can import .PUB files with any fidelity. Sigh, I guess I’ll need to learn something new.
Musings:
The impending demise of Microsoft Publisher got me to thinking about some of the various technological things that I’ve personally seen pass away. My list includes WordStar, MS-DOS, floppy disks, SCSI, Lotus 1-2-3, Digital Equipment Corporation, CGA monitors, Prodigy, AOL, dialup modems, and even green-bar paper. But I’m not pining for them. Yes, I remember, but I know that we must advance, adapt, and evolve. Newer, better, faster, more efficient is the continual focus of our modern age. However, I still think killing off Microsoft Publisher is a mistake!

Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Undocumented commands found in Bluetooth chip used by a billion devices
- Broadcom Patches 3 VMware Zero-Days Exploited in the Wild
- Broadcom urges VMware customers to patch ‘emergency’ zero-day bugs under active exploitation
- VMware ESXi Vulnerabilities Exploited in Wild to Execute Malicious Code
- Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
- Zoho ADSelfService Plus Vulnerability Let Attackers Gain Unauthorized Access
Ransomware, Malware, and Vulnerabilities News
- CISA tags Windows, Cisco vulnerabilities as actively exploited
- CISA Warns of Active Exploitation of Microsoft Windows Win32k Vulnerability
- Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited
- Justice Department Charges 12 Chinese Contract Hackers and Law Enforcement Officers in Global Computer Intrusion Campaigns
- US seizes $23 million in crypto stolen via password manager breach
- US seizes domain of Garantex crypto exchange used by ransomware gangs
- US Sanctions Iranian Administrator of Nemesis Darknet Marketplace
- FBI Denver warns of online file converter scam
- Badbox Android botnet disrupted through coordinated threat hunting
- Pentagon, CISA Deny Change in US Cyber Policy on Russia
- Cisco warns of Webex for BroadWorks flaw exposing credentials
- Sitecore 0-Day Vulnerability Let Attackers Execute Remote Code
- Apache Pinot Vulnerability Allows Remote Attackers to Bypass Authentication
- Malicious Chrome extensions can spoof password managers in new attack
- Linux, macOS users infected with malware posing as legitimate Go packages
- Apple reportedly challenges the UK’s secretive encryption crackdown
- Apple drags UK government to court over ‘backdoor’ order
- UK quietly scrubs encryption advice from government websites
- Governments can’t seem to stop asking for secret backdoors
- NIST recommends 2048-bit keys – upgrade DKIM to 2048-bit keys
- How AI is Revolutionizing Cyber Threat Hunting | Enhancing Security with Machine Learning and Automation
- Disrupting a global cybercrime network abusing generative AI
- It’s bad enough we have to turn on cams for meetings, now the person staring at you may be an AI deepfake
- Hackers Deploy AI Deepfake of YouTube CEO in Credential Theft Scam
- YouTube warns of AI-generated video of its CEO used in phishing attacks
- Deepfakes of Singapore PM Used to Sell Crypto, Residency Program
- Nearly 10% of employee gen AI prompts include sensitive data
- Wallbleed: A Memory Disclosure Vulnerability in the Great Firewall of China
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks
- Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites
- Substack Domain Takeover
- New malware exploits fake updates to steal data
- New Eleven11bot botnet infects 86,000 devices for DDoS attacks
- Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers
- Identity: The New Cybersecurity Battleground
- What is vishing? Voice phishing is surging – expert tips on how to spot it and stop it
- The Rise of QR Phishing: How Scammers Exploit QR Codes and How to Stay Safe
- Nonprofits Face Surge in Cyber-Attacks as Email Threats Rise 35%
- Microsoft says malvertising campaign impacted 1 million PCs
- Microsoft: nearly one million devices hit by malware spread through ads on illegal streaming websites
- Phishers Wreak ‘Havoc,’ Disguising Attack Inside SharePoint
- Thousands of public school workers impacted by cyberattack on retirement plan administrator
- Zapier says someone broke into its code repositories and may have accessed customer data
- Hackers leak sensitive data from elite Bronx private school after ransomware attack
- Rubrik rotates authentication keys after log server breach
- Rite Aid – Pharmacy Giant Handing $6,800,000 To Customers After Hackers Trigger Massive Data Breach
- Cybercrime crew stole then resold hundreds of tickets to Swift concerts, prosecutors say
- 24,041 Americans Affected As Billion-Dollar Bank Suffers Data Breach
- Employee screening data breach exposes 3.3 million records
- Japanese telco giant NTT Com says hackers accessed details of almost 18,000 organizations
- Windows Hyper-V NT Kernel Vulnerability Allows SYSTEM Privileges
- Hackers Weaponizing PowerShell & Microsoft Legitimate Apps To Deploy Malware
- Wazuh Server Vulnerability Enables Remote Attackers to Execute Malicious Code
- Update your Wi-Fi cameras, else malware could infect your network
- New polyglot malware hits aviation, satellite communication firms
- Polish space agency investigates cyberattack on its systems
- Polish Space Agency offline as it recovers from cyberattack
- North Korean IT Workers Hide Their IPs Using Astrill VPN
- Chinese Silk Typhoon targeting IT supply chain
- Silk Typhoon hackers now target IT supply chains to breach networks
- Home appliance company Presto says cyberattack causing delivery delays
- FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations
- 12 Chinese hackers charged with US Treasury breach — and much, much more
- Ransomware thugs threaten Tata Technologies with leak if demands not met
- Mission, TX hit by ‘security incident,’ computer systems offline
- Penn-Harris-Madison schools investigating ransomware attack
- Hunters International ransomware claims attack on Tata Technologies
- Medusa Ransomware Claims 40+ Victims in 2025
- Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates
- Like whitebox servers, rent-a-crew crime ‘affiliates’ have commoditized ransomware
- Over Half of Organizations Report Serious OT Security Incidents
- Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear
- Cybercrims now licking stamps and sending extortion demands in snail mail
- Ransomware king boasts of friends who arranged escape
- Microsoft signed a dodgy driver and now ransomware scum are exploiting it
- Cybercrime’s Cobalt Strike Use Plummets 80% Worldwide
- Vim Vulnerability (CVE-2025-27423) Allows Code Execution via Malicious TAR Archives
- The World’s Most Popular Flight Tracker is Fighting An Ongoing DDoS Cyber Attack
- Chrome 134, Firefox 136 Patch High-Severity Vulnerabilities
- CVE-2025-25012 (CVSS 9.9): Critical Code Execution Vulnerability Patched in Elastic Kibana
- FTC Lawsuit Temporarily Halts ‘Phantom Debt Collection’ Scheme
- Online scams easy as ever, as cybercrime markets flourish
- Hackers launder most of Bybit’s stolen crypto worth $1.4B
- Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist
- Enabling Incognito Mode in RDP to Hide All the Traces
- YouTubers extorted via copyright strikes to spread malware
Other News Events of Note and Interest
- Cool Tool: Microsoft adds incredible audio and video file conversion tools to PowerToys v0.89.0
- PowerToys and WinGet are going to work seamlessly together, and I couldn’t be happier
- Cool Tool: Warp, the intelligent terminal, now available on Windows!
- Financial Orgs Seek Updates To Proposed Incident Reporting Rule
- Proposed HIPAA Security Rule Updates May Significantly Impact Covered Entities and Business Associates
- NIST releases draft cybersecurity white paper on crypto agility, aims to shape future cybersecurity strategies
- Let’s Encrypt to offer 6-day certificates
- Meta in talks for $200 billion AI data center project
- Monopoly App Banking replaces cash and math with a mobile app
- AI-Powered Brain Implant Lets Paralyzed Man Control Robotic Arm
- Alphabet’s Taara chip uses light beams to provide high-speed internet
- Google’s New Shielded Email Feature Let Users Hide Email From Apps
- Google Online Security Blog: Vulnerability Reward Program: 2024 in Review
- Google will still have to break up its business, the Justice Department said
- Financial groups urge CISA to revise proposed incident reporting rule
- How to stop your personal data appearing in Google searches
- Waymo, Uber launch driverless ride-hailing in Austin
- Spyzie stalkerware is spying on thousands of Android and iPhone users
- Lenovo’s new niche PC has an absurdly tall folding display
- Crossing the uncanny valley of conversational voice
- The 2025 Terminator? Lab-grown muscle brings biohybrid robot hand to life
- “It’s a lemon”—OpenAI’s largest AI model ever arrives to mixed reviews
- World’s Largest Call Center Deploys AI to “Neutralize the Accent” of Indian Employees
- You thought genAI hallucinations were bad? Things just got so much worse
- T-Mobile’s parent company is making an ‘AI Phone’ with Perplexity Assistant
- VMware Workstation Pro (free) fixes Windows 11 freezing, boot crash issue, and more
- Xen Project delivers solid hypervisor update and keeps working on RISC-V port
- As Skype shuts down, its legacy is end-to-end encryption for the masses
- New Microsoft 365 outage impacts Teams, causes call failures
- Still can’t get to your Outlook mailbox? You aren’t alone
- Microsoft Exchange Admin Center takes extended siesta in the EU
- Microsoft SQL Server 2019 shuffles out of mainstream support
- Microsoft finally releases native Copilot app for Windows 11 with new useful features
- Microsoft Outlook on Mobile Just Got Another Great Improvement
- Microsoft Attributes Recent Microsoft 365 Outage to Authentication Token Failure
- Microsoft Drops DES Encryption from Windows 11 24H2 and Windows Server 2025
- Microsoft 365 apps will prompt users to back up files in OneDrive
- Microsoft tells abandoned Publisher fans to just use Word and hope for the best